| Summary: | "Software not from a trusted source" prompt does not tell which package is the suspect one | ||
|---|---|---|---|
| Product: | [Plasma] plasmashell | Reporter: | Massimiliano L <m.lincetto> |
| Component: | PK Updates widget | Assignee: | Jan Grulich <jgrulich> |
| Status: | RESOLVED UNMAINTAINED | ||
| Severity: | normal | CC: | jgrulich, nate |
| Priority: | NOR | ||
| Version First Reported In: | 6.2.4 | ||
| Target Milestone: | 1.0 | ||
| Platform: | Other | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
| Attachments: | example prompt | ||
When do you get this prompt? What are you doing to trigger it? (In reply to Nate Graham from comment #1) > When do you get this prompt? What are you doing to trigger it? I have not encountered a chance to reproduce it yet. What I did is just launch the upgrade through the "software updates" widget. Unfortunately I do not remember which packages were in the list, and after the upgrade I did not know how to get back the log of what was installed. And you're sure you were using the plasma-pk-updates widget, and not Discover? (In reply to Nate Graham from comment #3) > And you're sure you were using the plasma-pk-updates widget, and not > Discover? I clicked on the "Software Updates" icon in the tray and if I right click on the same item I get "Configure Software Updates" so I guess this does not have to do with Discover. I have been doing it for a while and it has worked flawlessly so far. I would suspect a package from one of my "external" repos (Skype, Zoom, Slack) to be the cause. I am fine in putting this on hold until I can reproduce it again. Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone! I managed to reproduce the bug while trying to update slack. And I can double confirm this is software updates and not Discover. The RPM repo file (/etc/yum.repos.d/slack.repo) reads as follows: [slack] name=slack baseurl=https://packagecloud.io/slacktechnologies/slack/fedora/21/x86_64 enabled=1 gpgcheck=0 gpgkey=https://packagecloud.io/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone! This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone! Reopening this since I had provided additional info. I'm afraid this widget is unmaintained and has not been ported to Qt 6, meaning it's no longer released; closing all of its bug reports. |
Created attachment 137862 [details] example prompt SUMMARY In some circumstances, the software update service will prompt for a password because "The software is not from a trusted source." Action is indicated as "Install untrusted local file". In such case, there is no mention about which package is the "suspect" so the user has no choice except accepting blindly the update or aborting. Also it is confusing to have the action described as "Install untrusted local file" while the package is being update from a repository. SOFTWARE/OS VERSIONS Linux/KDE Plasma: Fedora 33 + KDE copr (available in About System) KDE Plasma Version: 5.21.4 KDE Frameworks Version: 5.81.0 Qt Version: 5.15.2